Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS 5.1 logging

Hi,

i have installed ACS 5.1.0.44 demo (demo license) on ESX VM 4.0, everything works fine.But i have a problem is the logging.

1- i have configured the ACS to use remote log server, it sends the logs to the server in a very detail way.

the question is how i can define certain attribute in the log send?  For example, how to send only in the log the following attribute: remote-address, meaasge, severity , time , date, and facility.

the below is ONE log send from ACS to GFI log server


Jun 23 17:59:45 10.39.250.11 Jun 23 18:01:55 acs-demo CSCOacs_TACACS_Accounting 0000000134 8 0 2010-06-23 18:01:55.897 +00:00 0000008864 3302 NOTICE Tacacs-Accounting: TACACS+ Accounting STOP, ACSVersion=acs-5.1.0.44-B.2347,
Jun 23 17:59:45 10.39.250.11 Jun 23 18:01:55 acs-demo CSCOacs_TACACS_Accounting 0000000134 8 1  ConfigVersionId=167, Device IP Address=10.39.2.26, RequestLatency=0, NetworkDeviceName=switch26, Type=Accounting,
Jun 23 17:59:45 10.39.250.11 Jun 23 18:01:55 acs-demo CSCOacs_TACACS_Accounting 0000000134 8 2  Privilege-Level=1, Service=Login, User=user1, Port=tty5, Remote-Address=10.39.24.7, Authen-Method=TacacsPlus, AVPair=task_id=76,
Jun 23 17:59:45 10.39.250.11 Jun 23 18:01:55 acs-demo CSCOacs_TACACS_Accounting 0000000134 8 3  AVPair=timezone=UTC, AVPair=start_time=1277296026, AVPair=disc-cause=9, AVPair=disc-cause-ext=2, AVPair=pre-session-time=0,
Jun 23 17:59:45 10.39.250.11 Jun 23 18:01:55 acs-demo CSCOacs_TACACS_Accounting 0000000134 8 4  AVPair=elapsed_time=9158, AcctRequest-Flags=Stop, Service-Argument=shell, AcsSessionID=acs-demo/66496449/326,
Jun 23 17:59:45 10.39.250.11 Jun 23 18:01:55 acs-demo CSCOacs_TACACS_Accounting 0000000134 8 5  SelectedAccessService=Default Device Admin, Step=13006 , Step=15008 , Step=15004 , Step=15012 , Step=13035 ,
Jun 23 17:59:45 10.39.250.11 Jun 23 18:01:55 acs-demo CSCOacs_TACACS_Accounting 0000000134 8 6  NetworkDeviceGroups=Device Type:All Device Types, NetworkDeviceGroups=Location:All Locations,
Jun 23 17:59:45 10.39.250.11 Jun 23 18:01:55 acs-demo CSCOacs_TACACS_Accounting 0000000134 8 7  Response={Type=Accounting; AcctReply-Status=Success; }

2- can i configure ACS, to send the logs that are not sent when the log server is down, after the log server has been restored and up

i.e. re-synchronizing???

Please , i will appreciate if anyone can help

Regards,

George

  • AAA Identity and NAC
700
Views
0
Helpful
0
Replies